o $ªZÙnã@s¢ddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z dd lm Z dd lm Z e d ƒZ Gd d „d ejƒZGdd„de jƒZGdd„deƒZGdd„deƒZGdd„dejƒZGdd„dejƒZGdd„dejƒZGdd„dejƒZGdd„dejƒZGdd„dejƒZGd d!„d!ejƒZGd"d#„d#ejƒZGd$d%„d%ejƒZGd&d'„d'ejƒZ Gd(d)„d)ejƒZ!Gd*d+„d+ej"ƒZ#Gd,d-„d-ejƒZ$Gd.d/„d/ejƒZ%Gd0d1„d1ejƒZ&Gd2d3„d3ej'ƒZ(Gd4d5„d5ej)ƒZ*Gd6d7„d7ejƒZ+Gd8d9„d9ejƒZ,Gd:d;„d;ejƒZ-Gdd?„d?ejƒZ/Gd@dA„dAejƒZ0GdBdC„dCejƒZ1GdDdE„dEejƒZ2GdFdG„dGejƒZ3GdHdI„dIejƒZ4GdJdK„dKejƒZ5GdLdM„dMejƒZ6GdNdO„dOejƒZ7e 8dP¡Z9GdQdR„dRejƒZ:e 8dS¡Z;GdTdU„dUej)ƒZej?ej@dV¡dWZAGdXdY„dYej"ƒZBGdZd[„d[ejƒZCGd\d]„d]ejƒZDGd^d_„d_ejƒZEGd`da„daejƒZFeFƒe6_GeFƒeA_GdbS)cé)Úchar)Ú constraint)Ú namedtype)Únamedval)Útag)Úuniv)Úuseful)Úrfc2314)Úrfc2459)Úrfc2511Úinfc@ó eZdZdS)Ú KeyIdentifierN©Ú__name__Ú __module__Ú __qualname__©rrú8/usr/lib/python3/dist-packages/pyasn1_modules/rfc4210.pyrórc@r )ÚCMPCertificateNrrrrrrrrc@r )ÚOOBCertNrrrrrr"rrc@r )ÚCertAnnContentNrrrrrr&rrc@s,eZdZdZe ¡Zejj e   de ¡Z dS)Ú PKIFreeTextz> PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String éN) rrrÚ__doc__rÚ UTF8StringÚ componentTyperÚ SequenceOfÚ subtypeSpecrÚValueSizeConstraintÚMAXrrrrr*src@ó(eZdZdZGdd„dejƒZeƒZdS)ÚPollRepContentzÚ PollRepContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER, checkAfter INTEGER, -- time in seconds reason PKIFreeText OPTIONAL } c@s<eZdZe e de ¡¡e de ¡¡e de ƒ¡¡Z dS)zPollRepContent.CertReqÚ certReqIdÚ checkAfterÚreasonN) rrrrÚ NamedTypesÚ NamedTyperÚIntegerÚOptionalNamedTyperrrrrrÚCertReq;s  ýr+N©rrrrrÚSequencer+rrrrrr#2s r#c@r")ÚPollReqContentzh PollReqContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER } c@s"eZdZe e de ¡¡¡ZdS)zPollReqContent.CertReqr$N) rrrrr'r(rr)rrrrrr+Msÿr+Nr,rrrrr.Es r.c@s4eZdZdZe e de ¡¡e  de  ¡¡¡Z dS)ÚInfoTypeAndValuez— InfoTypeAndValue ::= SEQUENCE { infoType OBJECT IDENTIFIER, infoValue ANY DEFINED BY infoType OPTIONAL }ÚinfoTypeÚ infoValueN) rrrrrr'r(rÚObjectIdentifierr*ÚAnyrrrrrr/Us þr/c@óeZdZeƒZdS)Ú GenRepContentN©rrrr/rrrrrr5aó r5c@r4)Ú GenMsgContentNr6rrrrr8er7r8c@r )ÚPKIConfirmContentNrrrrrr9irr9c@óeZdZe ¡ZdS)Ú CRLAnnContentN)rrrr ÚCertificateListrrrrrr;mó r;c@s<eZdZdZe e deƒ¡e deƒ¡e deƒ¡¡ZdS)ÚCAKeyUpdAnnContentz£ CAKeyUpdAnnContent ::= SEQUENCE { oldWithNew CMPCertificate, newWithOld CMPCertificate, newWithNew CMPCertificate } Ú oldWithNewÚ newWithOldÚ newWithNewN) rrrrrr'r(rrrrrrr>qó   ýr>c@s4eZdZdZe e de ¡¡e  de   ¡¡¡Z dS)Ú RevDetailszŒ RevDetails ::= SEQUENCE { certDetails CertTemplate, crlEntryDetails Extensions OPTIONAL } Ú certDetailsÚcrlEntryDetailsN) rrrrrr'r(r Ú CertTemplater*r Ú ExtensionsrrrrrrC€s þrCc@r4)Ú RevReqContentN)rrrrCrrrrrrHr7rHc @s^eZdZdZe e deƒje   e j e j d¡d¡e de  ¡je   e j e j d¡d¡¡ZdS)Ú CertOrEncCertz… CertOrEncCert ::= CHOICE { certificate [0] CMPCertificate, encryptedCert [1] EncryptedValue } Ú certificater©Ú explicitTagÚ encryptedCertrN)rrrrrr'r(rÚsubtyperÚTagÚtagClassContextÚtagFormatConstructedr ÚEncryptedValuerrrrrrI‘s "$þrIc @sleZdZdZe e deƒ¡e de   ¡j e   e je jd¡d¡e de  ¡j e   e je jd¡d¡¡ZdS) ÚCertifiedKeyPairzÑ CertifiedKeyPair ::= SEQUENCE { certOrEncCert CertOrEncCert, privateKey [0] EncryptedValue OPTIONAL, publicationInfo [1] PKIPublicationInfo OPTIONAL } Ú certOrEncCertÚ privateKeyrrKÚpublicationInforN)rrrrrr'r(rIr*r rRrNrrOrPrQÚPKIPublicationInforrrrrrSžs $$ýrSc@r:)ÚPOPODecKeyRespContentN)rrrrr)rrrrrrX­r=rXc @sBeZdZdZe e de ¡¡e  de   ¡¡e  de   ¡¡¡Z dS)Ú Challengezº Challenge ::= SEQUENCE { owf AlgorithmIdentifier OPTIONAL, witness OCTET STRING, challenge OCTET STRING } ÚowfÚwitnessÚ challengeN) rrrrrr'r*r ÚAlgorithmIdentifierr(rÚ OctetStringrrrrrrY±sýrYc @s&eZdZdZe ddddddd¡Zd S) Ú PKIStatusa+ PKIStatus ::= INTEGER { accepted (0), grantedWithMods (1), rejection (2), waiting (3), revocationWarning (4), revocationNotification (5), keyUpdateWarning (6) } )Úacceptedr)ÚgrantedWithModsr)Ú rejectioné)Úwaitingé)ÚrevocationWarningé)ÚrevocationNotificationé)ÚkeyUpdateWarningéN©rrrrrÚ NamedValuesÚ namedValuesrrrrr_Às ùr_c@sNeZdZdZe dddddddd d d d d ddddddddddddddd¡ZdS)ÚPKIFailureInfoaÏ PKIFailureInfo ::= BIT STRING { badAlg (0), badMessageCheck (1), badRequest (2), badTime (3), badCertId (4), badDataFormat (5), wrongAuthority (6), incorrectData (7), missingTimeStamp (8), badPOP (9), certRevoked (10), certConfirmed (11), wrongIntegrity (12), badRecipientNonce (13), timeNotAvailable (14), unacceptedPolicy (15), unacceptedExtension (16), addInfoNotAvailable (17), badSenderNonce (18), badCertTemplate (19), signerNotTrusted (20), transactionIdInUse (21), unsupportedVersion (22), notAuthorized (23), systemUnavail (24), systemFailure (25), duplicateCertReq (26) )ÚbadAlgr)ÚbadMessageCheckr)Ú badRequestrc)ÚbadTimere)Ú badCertIdrg)Ú badDataFormatri)ÚwrongAuthorityrk)Ú incorrectDataé)ÚmissingTimeStampé)ÚbadPOPé )Ú certRevokedé )Ú certConfirmedé )ÚwrongIntegrityé )ÚbadRecipientNonceé )ÚtimeNotAvailableé)ÚunacceptedPolicyé)ÚunacceptedExtensioné)ÚaddInfoNotAvailableé)ÚbadSenderNonceé)ÚbadCertTemplateé)ÚsignerNotTrustedé)ÚtransactionIdInUseé)ÚunsupportedVersioné)Ú notAuthorizedé)Ú systemUnavailé)Ú systemFailureé)ÚduplicateCertReqéNrlrrrrro×s>åroc@s<eZdZdZe e deƒ¡e de ƒ¡e de ƒ¡¡Z dS)Ú PKIStatusInfoz° PKIStatusInfo ::= SEQUENCE { status PKIStatus, statusString PKIFreeText OPTIONAL, failInfo PKIFailureInfo OPTIONAL } ÚstatusÚ statusStringÚfailInfoN) rrrrrr'r(r_r*rrorrrrrrŸrBrŸc@s>eZdZdZe e deƒ¡e de   ¡¡e de ƒ¡¡Z dS)ÚErrorMsgContenta7 ErrorMsgContent ::= SEQUENCE { pKIStatusInfo PKIStatusInfo, errorCode INTEGER OPTIONAL, -- implementation-specific error codes errorDetails PKIFreeText OPTIONAL -- implementation-specific error details } Ú pKIStatusInfoÚ errorCodeÚ errorDetailsN) rrrrrr'r(rŸr*rr)rrrrrrr£$s  ýr£c@s@eZdZdZe e de ¡¡e de  ¡¡e  de ƒ¡¡Z dS)Ú CertStatusz” CertStatus ::= SEQUENCE { certHash OCTET STRING, certReqId INTEGER, statusInfo PKIStatusInfo OPTIONAL } ÚcertHashr$Ú statusInfoN) rrrrrr'r(rr^r)r*rŸrrrrrr§5s ýr§c@r4)ÚCertConfirmContentN)rrrr§rrrrrrªDr7rªc @s\eZdZdZe e deƒ¡e de  ¡¡e de   ¡¡e de   ¡¡e  de  ¡¡¡ZdS)Ú RevAnnContenta RevAnnContent ::= SEQUENCE { status PKIStatus, certId CertId, willBeRevokedAt GeneralizedTime, badSinceDate GeneralizedTime, crlDetails Extensions OPTIONAL } r ÚcertIdÚwillBeRevokedAtÚ badSinceDateÚ crlDetailsN)rrrrrr'r(r_r ÚCertIdrÚGeneralizedTimer*r rGrrrrrr«Hs ûr«c@seZdZdZe e deƒ¡e de j e   ¡dj e de¡e ejejd¡d¡e de j e ¡dj e de¡e ejejd¡d¡¡Zd S) Ú RevRepContentaI RevRepContent ::= SEQUENCE { status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL, crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL r ÚrevCerts©rrr©rrLÚcrlsN)rrrrrr'r(rŸr*rrr r°rNrr r!rrOrPrQr r<rrrrrr²[s"  þÿ þÿør²c@s®eZdZdZe e deƒ¡e de ƒj e   e j e jd¡d¡e deje ƒdj e   e j e jd¡e de¡d ¡e d ejeƒdj e   e j e jd ¡e de¡d ¡¡Zd S) ÚKeyRecRepContenta KeyRecRepContent ::= SEQUENCE { status PKIStatusInfo, newSigCert [0] CMPCertificate OPTIONAL, caCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL, keyPairHist [2] SEQUENCE SIZE (1..MAX) OF CertifiedKeyPair OPTIONAL } r Ú newSigCertrrKÚcaCertsr´r)rLrÚ keyPairHistrcN)rrrrrr'r(rŸr*rrNrrOrPrQrrrr r!rSrrrrrr·us( ÿÿ þÿ þór·c @sLeZdZdZe e de ¡¡e de ƒ¡e  de ƒ¡e  de  ¡¡¡Z dS)Ú CertResponsezó CertResponse ::= SEQUENCE { certReqId INTEGER, status PKIStatusInfo, certifiedKeyPair CertifiedKeyPair OPTIONAL, rspInfo OCTET STRING OPTIONAL } r$r ÚcertifiedKeyPairÚrspInfoN)rrrrrr'r(rr)rŸr*rSr^rrrrrr»”s  ür»c @s`eZdZdZe e deje ƒdj e   de ¡e ejejd¡d¡e dejeƒd¡¡ZdS)ÚCertRepMessagezÈ CertRepMessage ::= SEQUENCE { caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL, response SEQUENCE OF CertResponse } ÚcaPubsr´rrµÚresponseN)rrrrrr'r*rrrrNrr r!rrOrPrQr(r»rrrrrr¾¥sÿþÿúr¾c@r4)ÚPOPODecKeyChallContentN)rrrrYrrrrrrÁ·r7rÁc @sneZdZdZe e de ¡j e   e j e j d¡d¡e de ¡j e   e j e j d¡d¡e de ¡¡¡ZdS) Ú OOBCertHashzÅ OOBCertHash ::= SEQUENCE { hashAlg [0] AlgorithmIdentifier OPTIONAL, certId [1] CertId OPTIONAL, hashVal BIT STRING } ÚhashAlgrrKr¬rÚhashValN)rrrrrr'r*r r]rNrrOrPrQr r°r(rÚ BitStringrrrrrr»sÿÿùrÂc@seZdZdZe ¡ZdS)ÚNestedMessageContentz. NestedMessageContent ::= PKIMessages N)rrrrrr3rrrrrrÆÐs rÆc@s4eZdZdZe e de ¡¡e de ¡¡¡Z dS)Ú DHBMParametera1 DHBMParameter ::= SEQUENCE { owf AlgorithmIdentifier, -- AlgId for a One-Way Function (SHA-1 recommended) mac AlgorithmIdentifier -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], } -- or HMAC [RFC2104, RFC2202]) rZÚmacN) rrrrrr'r(r r]rrrrrrÇ×s þrÇz1.2.840.113533.7.66.30c @s`eZdZdZe e de ¡j e   dd¡d¡e de   ¡¡e de ¡¡e de   ¡¡¡Zd S) Ú PBMParameterzà PBMParameter ::= SEQUENCE { salt OCTET STRING, owf AlgorithmIdentifier, iterationCount INTEGER, mac AlgorithmIdentifier } Úsaltré€)rrZÚiterationCountrÈN)rrrrrr'r(rr^rNrr r r]r)rrrrrrÉésÿúrÉz1.2.840.113533.7.66.13c@r )Ú PKIProtectionNrrrrrrÍÿrrÍr’rKc%@s¢eZdZdZe e de ¡j e   e j e j d¡d¡e deƒj e   e j e j d¡d¡e de ¡j e   e j e j d¡d¡e d eƒj e   e j e j d ¡d¡e d e ¡j e   e j e j d ¡d¡e d eƒj e   e j e j d¡d¡e deƒj e   e j e j d¡d¡e de ¡j e   e j e j d¡d¡e deƒj e   e j e j d¡d¡e de ¡j e   e j e j d¡d¡e deƒj e   e j e j d¡d¡e deƒj e   e j e j d¡d¡e deƒj e   e j e j d¡d¡e de ¡j e   e j e j d¡d¡e deƒj e   e j e j d ¡d¡e d!eƒj e   e j e j d"¡d¡e d#eƒj e   e j e j d$¡d¡e d%eƒj e   e j e j d&¡d¡e d'eƒj e   e j e j d(¡d¡e d)eƒj e   e j e j d*¡d¡e d+e¡e d,eƒj e   e j e j d-¡d¡e d.eƒj e   e j e j d/¡d¡e d0eƒj e   e j e j d1¡d¡e d2eƒj e   e j e j d3¡d¡e d4e ƒj e   e j e j d5¡d¡e d6e!ƒj e   e j e j d7¡d¡¡Z"d8S)9ÚPKIBodyag PKIBody ::= CHOICE { -- message-specific body elements ir [0] CertReqMessages, --Initialization Request ip [1] CertRepMessage, --Initialization Response cr [2] CertReqMessages, --Certification Request cp [3] CertRepMessage, --Certification Response p10cr [4] CertificationRequest, --imported from [PKCS10] popdecc [5] POPODecKeyChallContent, --pop Challenge popdecr [6] POPODecKeyRespContent, --pop Response kur [7] CertReqMessages, --Key Update Request kup [8] CertRepMessage, --Key Update Response krr [9] CertReqMessages, --Key Recovery Request krp [10] KeyRecRepContent, --Key Recovery Response rr [11] RevReqContent, --Revocation Request rp [12] RevRepContent, --Revocation Response ccr [13] CertReqMessages, --Cross-Cert. Request ccp [14] CertRepMessage, --Cross-Cert. Response ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. cann [16] CertAnnContent, --Certificate Ann. rann [17] RevAnnContent, --Revocation Ann. crlann [18] CRLAnnContent, --CRL Announcement pkiconf [19] PKIConfirmContent, --Confirmation nested [20] NestedMessageContent, --Nested Message genm [21] GenMsgContent, --General Message genp [22] GenRepContent, --General Response error [23] ErrorMsgContent, --Error Message certConf [24] CertConfirmContent, --Certificate confirm pollReq [25] PollReqContent, --Polling request pollRep [26] PollRepContent --Polling response ÚirrrKÚiprÚcrrcÚcpreÚp10crrgÚpopdeccriÚpopdecrrkÚkurrxÚkuprzÚkrrr|Úkrpr~Úrrr€Úrpr‚Úccrr„Úccpr†ÚckuannrˆÚcannrŠÚrannrŒÚcrlannrŽÚpkiconfrÚnestedÚgenmr”Úgenr–Úerrorr˜ÚcertConfršÚpollReqrœÚpollRepržN)#rrrrrr'r(r ÚCertReqMessagesrNrrOrPrQr¾r ÚCertificationRequestrÁrXr·rHr²r>rr«r;r9ÚnestedMessageContentr8r5r£rªr.r#rrrrrrÎ s ÿÿÿÿ ÿÿÿÿ ÿÿÿÿÿÿ ÿÿÿÿ ÿÿÿÿÿÿÿÿ ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿúrÎc@s eZdZdZe e deje   dd¡d¡e de   ¡¡e de   ¡¡e  de ¡je ejejd ¡d ¡e  d e  ¡je ejejd ¡d ¡e  d e  ¡je ejejd¡d ¡e  de  ¡je ejejd¡d ¡e  de ¡je ejejd¡d ¡e  de ¡je ejejd¡d ¡e  de ¡je ejejd¡d ¡e  deƒje ejejd¡d ¡e  dejeƒje d e¡e ejejd¡dd¡¡ ZdS)Ú PKIHeaderaè PKIHeader ::= SEQUENCE { pvno INTEGER { cmp1999(1), cmp2000(2) }, sender GeneralName, recipient GeneralName, messageTime [0] GeneralizedTime OPTIONAL, protectionAlg [1] AlgorithmIdentifier OPTIONAL, senderKID [2] KeyIdentifier OPTIONAL, recipKID [3] KeyIdentifier OPTIONAL, transactionID [4] OCTET STRING OPTIONAL, senderNonce [5] OCTET STRING OPTIONAL, recipNonce [6] OCTET STRING OPTIONAL, freeText [7] PKIFreeText OPTIONAL, generalInfo [8] SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue OPTIONAL } Úpvno)Úcmp1999r)Úcmp2000rc)rnÚsenderÚ recipientÚ messageTimerrKÚ protectionAlgrÚ senderKIDrcÚrecipKIDreÚ transactionIDrgÚ senderNonceriÚ recipNoncerkÚfreeTextrxÚ generalInforzrµr´N) rrrrrr'r(rr)rrmr Ú GeneralNamer*rr±rNrrOrPÚtagFormatSimpler]rQrr^rrr/rr r!rrrrrrí¶sV ÿÿÿÿÿÿÿÿÿ ÿ þÿÿèríc@s0eZdZdZe e deƒ¡e deƒ¡¡Z dS)Ú ProtectedPartzg ProtectedPart ::= SEQUENCE { header PKIHeader, body PKIBody } Úheaderr1N) rrrrrr'r(rírÎrrrrrrþìs   þrþc@s†eZdZdZe e deƒ¡e deƒ¡e  de ƒj e   e je jd¡d¡e  dejeƒdj e d e¡e   e je jd ¡d ¡¡Zd S) Ú PKIMessagezé PKIMessage ::= SEQUENCE { header PKIHeader, body PKIBody, protection [0] PKIProtection OPTIONAL, extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL }rÿÚbodyÚ protectionrrKÚ extraCertsr´rrµN)rrrrrr'r(rírÎr*rÍrNrrOrPrýrrrrr r!rQrrrrrrùs$   ÿÿ üÿûrc@s*eZdZdZeƒZejje   de ¡ZdS)Ú PKIMessagesz> PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage rN) rrrrrrrrrrr r!rrrrrsrN)HÚ pyasn1.typerrrrrrrÚpyasn1_modulesr r r Úfloatr!r^rÚ Certificaterrrrrr#r.r-r/r5r8ÚNullr9r;r>rCrHÚChoicerIrSrXrYr)r_rÅrorŸr£r§rªr«r²r·r»r¾rÁrÂrÆrÇr2Ú id_DHBasedMacrÉÚid_PasswordBasedMacrÍrNrOrPrQrìrÎrírþrrÚ_componentTyperrrrÚsx            >  ÿ.6